Layer7 API Management

Expand all | Collapse all

Can I setup an OpenId Connect Provider backed by CA Single Sign-on

Jump to Best Answer
  • 1.  Can I setup an OpenId Connect Provider backed by CA Single Sign-on

    Posted 03-10-2017 01:40 AM

    I am looking for a solution to provide external user management for our application using CA Single Sign-on.

    Our application is designed to be able to integrate with any standard OpenId Connect Provider.

    So, I am looking for a way to setup an OpenId Connect Provider backed by CA Single Sign-on.

     

    I find you have two products: “CA API Gateway” and “CA API Management OAuth Toolkit”.

    They can be used to setup an OpenId Connect Provider.

    “CA API Gateway” also supports to be configured to authenticate against CA Single Sign-on.

     

    My understanding is that, we can install “CA Single Sign-on”, “CA API Gateway” and “CA API Management OAuth Toolkit” together. Then after some configuration, CA API Gateway becomes a OpenId Connect provider backed by CA Single Sign-on.

     

    Is my understanding correct? If it is yes,

    • Which version of these software is required to setup an OpenId Connect Provider?
    • Is the OpenId Connect interface following standard specification? No CA specific implementation in the interface, right?


  • 2.  Re: Can I setup an OpenId Connect Provider backed by CA Single Sign-on

    Posted 03-12-2017 07:52 PM

    Moving to relevant community.



  • 3.  Re: Can I setup an OpenId Connect Provider backed by CA Single Sign-on
    Best Answer

    Posted 03-13-2017 04:38 PM

    In the next release of SSO, 12.7 SSO will be able to act as an OpenID.Connect authorization provider.  This allwos organizations to use Native SSO OpenID.Connect and Oauth capabilities or use the APIM solution for Oauth and OpenId.connect like you stated.  

     

    more information on this upcoming release is available in the Ca SSO project at http://validate.ca.com  including a CA SSO 12.7 pre-GA kit that you can download to see the new SSO OIDC in action.